Posted
by
Soulskill
on Friday January 21, 2011 @12:34PM
from the keep-digging-that-hole dept.

Stoobalou writes "Rumor has it that Sony is looking to the PC games market to help solve its growing piracy problem on the PlayStation 3 — with the introduction of serial keys to its games. According to 'a very reliable source' quoted by PS3-Sense, Sony is attempting to address the recent revelation that it failed to properly secure the private signing key for its flagship console — leading to clever tinkerers producing third-party firmware that allows unofficial software and illegitimately downloaded games to run on unmodified hardware — by looking to the PC retail market for solutions. Unlike the PS3, the PC doesn't have a hardware DRM system built in to it — despite attempts by groups like the Trusted Computing Group, formerly the Trusted Computer Platform Alliance, to introduce such a thing — relying instead on software-based DRM and a surprisingly old-fashioned guarantee of a game's uniqueness: a serial key."

Printed on the product's packaging, the key is a unique identifier that promises that the game is the real deal - and usually verifies itself with an online server

So in order to play disc games you're going to require an internet connection?

And, just as speculation, wouldn't it be possible for someone to figure out what the server is sending the gaming console as an acknowledgment code and then setup a local area network that directs the PS3's requests to that IP address to connect to your own computer and send the same key acknowledgment notification? Sure, it's more work but history has shown that just means a little more time.

The only thing that will stop DRM is if people stop buying crap (yes CRAP) with DRM. We geezers did it in the late eighties; DRM on games disappeared entirly. Do you young folks have the balls? I'm guessing "no".

I will assume you are talking about DRM on old computer software back when the home computer was not in everyone's home and those who owned them were those that were interested. The harder forms of DRM died because the market was very small and anyone who owned a computer discussed these issues with each other. Also it didn't really die it just wasn't as restrictive and abusive, for example looking up a code in the manual of your legall

I was referring to some of the crap they pulled with their install floppies, like putting a hole in a certain spot to make the pirate version different than the legit version; in this scheme, if the program could write to the "dead" spt it was a pirate copy. Trouble was, if your head wasn't perfectly lined up, it would flag a brand new legit copy as a pirate copy.

They had many such schemes, and like the present DRM, they never did anything to stop piracy and all it accomplished was to piss off paying custom

That workaround is the simplest one for DRM to avoid. Burn a public key into the game, have the game generate a random number and send it to the server, the server must respond with that random number, signed using the private key that matches the public key in the game.

Of course, Sony doesn't seem to be competent when it comes to RSA... and there's still the fact that you should be able to modify the software to remove the DRM.

If that check were part of the game software you could just remove the check in the pirated version. If it were in hardware, you can still defeat that approach if you own the hardware that generates the random number, often by causing a temperature or voltage excursion while the random number is being generated (this is why FIPS 140 level 4 exists). Still, it would be a pretty easy way for Sony to significantly raise the bar on its copy protection without interfering with people who want to use the PS3 for

This is going to be a total disaster. Console gamers have enjoyed instant on convenience, game sharing/lending/selling, and in general a concrete certainty that the disc they hold in their hands is guaranteed to work on any console without a hitch. You cannot turn around and change all that overnight without seriously ruffling feathers. Console gamers will expect these features implicitly--it's tradition!

A recent game, Assassin's Creed:Brotherhood, came with a one time serial code which could be used to obtain downloadable content. Lots of console players simply didn't bother. The concept of typing in this alpha-numeric hieroglyph, originally designed for commercial office software, was simply alien to them. It goes beyond intelligence or capability, and enters the realm of culture and society. Console gamers simply don't work this way. This move is taking Sony into three shells [youtube.com] territory.

This isn't going to fly. This is going to crash and burn. I foresee droves of console gamers being driven to console hacking by this move. The smart option is simply to place more focus on downloadable titles, content and network features in title, incentiveising people to stay on PSN, and not bother with all that complicated geek stuff. But when it comes to consumer relations, Sony never misses an opportunity to miss and opportunity.

(I originally wrote this article for the PC Gaming Alliance article posted this morning... but since it's relevant to this discussion too I think I'll just copy and paste it again into this thread;-)

People keep harping about how useless DRM is against preventing piracy. And this is undeniably true; at best it might slow down people from copying games, but often not even that. So why, everyone wonders, do companies still insist on wasting resources, losing money, programmers, even loyal customers on a boondoggle that has been proven to be ineffective?

Because DRM is no longer only about stopping piracy. It has oh-so-many other advantages.

1) It kills second-hand sales.

2) It enables forced obsolescence (kill the registration servers and you can't play the game anymore)

3) It ensures a one-title, one machine policy. Own a lap-top AND a desktop? You can't play the game on both.

4) Online activation requires a user to be online and transmit data to the publisher. You can use this to collect valuable demographic info (also, since the customer has to be online anyway, you might as well push advertisements down his way to earn even more cash!)

5) It slowly pushes users to become more accepting of service-based licenses (e.g., subscription gaming) instead of single-sales.

6) It reassures investors that the publisher is protecting their property.

That it might have some minimal effect on slowing illegal copying of games is just an added bonus at this point. It's less a way of preventing piracy at this point as it is of maximizing the publisher's income. Don't expect it to go away anytime soon, no matter how much the customers hate it.

Thank God I bought a 360. Nothing like this I need to worry about there. Plus...got it hooked up to the Media Center Extender in the living room with a TV Tuner...so it plays games and I can watch TV...without inputting a code before doing anything.

This is going to be a total disaster. Console gamers have enjoyed instant on convenience, game sharing/lending/selling, and in general a concrete certainty that the disc they hold in their hands is guaranteed to work on any console without a hitch. You cannot turn around and change all that overnight without seriously ruffling feathers. Console gamers will expect these features implicitly--it's tradition!

A recent game, Assassin's Creed:Brotherhood, came with a one time serial code which could be used to obtain downloadable content. Lots of console players simply didn't bother. The concept of typing in this alpha-numeric hieroglyph, originally designed for commercial office software, was simply alien to them. It goes beyond intelligence or capability, and enters the realm of culture and society. Console gamers simply don't work this way. This move is taking Sony into three shells territory.

Actually, I credit Sony for the computerization of the console. Think about what Sony's done so far.

After all, some PS3 games need to be installed (and it's a real installation, not like the 360's "copy to hard disk" feature. You can't play without installing). And those installers present you a nice EULA that you have to agree to.

This is just furthering the cause - now you have to enter in your key code, just like a PC.

My guess is that Sony's trying to make the PS4 one of their Vaio PCs - hey, PS3 gamers are used to installing games, agreeing to EULAs and entering codes, let's made the next-gen console a PC!

And, just as speculation, wouldn't it be possible for someone to figure out what the server is sending the gaming console as an acknowledgment code and then setup a local area network that directs the PS3's requests to that IP address to connect to your own computer and send the same key acknowledgment notification? Sure, it's more work but history has shown that just means a little more time.

Sure, but even that is unnecessary. Pirates can just decrypt the executables on the disc, remove the check, and crea

wouldn't it be possible for someone to figure out what the server is sending the gaming console as an acknowledgment code and then setup a local area network that directs the PS3's requests to that IP address to connect to your own computer and send the same key acknowledgment notification?

Well, when I installed AC2, it required me to perform a system update. So you pretty much have to have a connection anyway.

What, should we all start demanding update disks sent to us, thus raising the costs to Sony? If I can't buy a single player game and play it without internet and without free updates, then there's some kind of collusion there.

They probably think that if they kill the rental market, people will have to buy games. And with no used games market, they don't even have to lower the prices of old games that much. Seems like the perfect strategy to milk the market, so long as you don't stop to think about how much this would piss off potential customers, who would go elsewhere with their dollars. (but wait, call everyone pirates and win anyway?)

If you cheered his 'liberation' of the PS3 you can't really be unhypocratically mad about Sony's response.

geohot didn't enable/endorse/provide piracy. he merely exposed a flaw, and took steps to specifically release and detail it that wouldn't allow you to use it for piracy. he's a hardware hacker in the old-school sense of wanting to learn, pick apart, see how things work and make them do what he wants, just to do it.

the fact others have used his work to further piracy isn't his fault and shouldn't be blamed on him.

Bullocks! He is a hacker hero. Period. Sony is not out to make things easier for consumers, and good people like George undo the shitheadednessness of assholes like Sony. The more you accept draconian DRM, as well as pure root kit nonsense, that Sony forces you to swallow, the more they take your freedom to do with your hardware whatever you want. I no longer buy Sony or Apple products because of bullshit like this. Also, do NOT subscribe me to your newsletter as you are consumer unfriendly, a possible DRM sympathizer, and as AC put it a "noncompoop."

I'm not going to claim that this was his fault. If Sony do decide to implement serial keys for their games it will be a dark day for console gaming and it will have been their decision.

That said, something like this was absolutely foreseeable when he decided to publish his work. Anyone seeing the description - a break in the PS3's security that couldn't be fixed - knew instantly that they weren't going to leave it alone and not respond, and that anything they did to try to remove the vulnerability would be

That said, something like this was absolutely foreseeable when he decided to publish his work.

Someone publishing a crack for the PS3 was absolutely forseeable once Sony got rid of OtherOS.
It might have been a mod chip or plug-in hack rather than just software, but someone was going to find a way to crack the security to put back what Sony took away.

I have a feeling it's partially about piracy, and partially about the used game market. They want a bigger piece of the pie, so they want to make it much harder or impossible for gamers to trade in games and buy used games.

That is just an added bonus. Why allow someone to own a physical object when you can license its use to them instead. Every resale of a physical object is the loss of a first hand sale at full price. Personal ownership is a threat to corporate profit. Imagine the chaos if people had the same rights as corporations?

I do take games to others houses.Sometimes I don't play online, in fact a lot of games I much prefer the single player to listening to 13 year olds yammer on about something retarded.I do have friends.

MI 2 had the mix-n-mojo code wheel. those were easy. you just photocopied each aligned option. turned a code-wheel into a 20 page pile of paper, but it worked. or so I heard... The dark red sheets with black text, though. those were a bitch. some had really esoteric characters on them. and not all photocopiers could be tweaked to get them right.

I had one friend that messed with the brightness/contrast controls on a photocopier for an entire afternoon and managed to get a readable copy out of the Simcity code list. The copy also copied very well I remember.

I don't either. However I do remember Starcontrol 2 having a gigantic ass map that was colour coded and you had to use sector finding and input the name of the star. I think it took me all of 2-3 hours one afternoon to figure out a way around it.

In the future, after conventional media and the concept of a reporter both die of attrition (along with any remaining shreds of journalistic integrity), all "news" will be bloggers blogging about rumors found on blogs. And 4chan.

This article is merely an indication that we're still moving along the path to that eventuality.

I don't know anyone who regularly plugs a USB keyboard into their console for any reason. Likewise, "typing" out a long number of string of characters using a controller seems exceptionally cumbersome.
Also, having a serial code remains yet another way Sony can tie a specific game license to a specific console.
Really, I don't see any way this could be convenient nor benefit gamers.

Umm what makes you think any of this is to benefit the gamer? If they don't tie it down to a specific console and make it so its like old half life/ counterstrike was (only one instance of a cd key can play online at a time) or which is the same thing steam is doing now it could be fine.
Then if you pass it to someone you trust with the key they can play it too. But if you give it out on the internet then it will be unplayable because you will never know when someone is on.
Now the only question is whethe

PS3 games are already spectacularly inconvenient, often requiring 30 minutes or more of downloading, patching, installing and firmware-updating before letting me actually play the game I just bought. Having to type in a serial via gamepad would be the least of it.

Or the better part of a day downloading updates, for people like me out in the sticks with coal-powered internet. It's to the point where I've resigned myself to just download the updates at work, throw 'em on a flash drive, and install when I get home, but you can't do that with the game-specific updates.

I want to like the PS3, but Sony makes it so damned hard sometimes. And I'm sure with all these massive security holes being exposed (which I'm not at all opposed to in principal, mind you), I'm sure the u

Are these game patches adding new content or just fixing bugs that should've been caught before release? I thought one of the biggest selling points of consoles was "no patches!" Adding features and content is one thing--that's a value-add for people with Internet connections. But if there are serious bugs at release time, what's the point of even buying a console? You can get the same "experience" on a PC.

When consoles become indistinguishable from PCs not just in terms of capability but complexity of oper

Explain that to your 14 year old that wants gran turismo or Madden 2011 for xmas.

I agree with you philosophically, but I tend to put my family first. You go around not letting them listen to music or play the games that everyone else is, for no other reason than "It's morally wrong to have DRM on your system" and you'll have a mutiny on your hands, quite possibly a divorce because your spouse will have to listen to the griefing. If your marriage is marginal (which may or may not be your fault) it could push

first kinect outsells the Move by 2 to 1 or more. now they have this plan to drive even more people to Microsoft. i have both and only game on my x-box. i was actually going to buy a PS3 game yesterday, but decided against it at the last minute. crazy systems like this will mean i'll just stick to my x-box

Ah yes, because the 360 is *so* much more open than the PS3. Oh wait, it's not. There is no jailbreak for the 360, only a DVD firmware mod to play "backups" (for which they've banned thousands of consoles, if not more). There was never an OtherOS for the 360. There's no official support for 3rd party hard drive installation. It only plays MS-approved media formats. And if all that weren't enough, they also charge a FEE for online play, Netflix access, and other "value added" services that don't cost t

I would argue that MS (at least the X-Box division) is a bit more consumer friendly in that they never advertised an OtherOS feature or backwards compatibility with the original X-Box. Sony touted those features and removed them (remotely in the former and on a new edition in the latter). I have neither X-Box 360 nor PS3 but it seems to be that Microsoft cheated the customer less than Sony did.

And taking advantage of dumb consumers is friendly how exactly? There are similar services for the PC that are completely free (GameSpy, Blizzard Net) that get by on advertising. MS not only charges money for it, but disallows competing networks AND still has advertising. Sorry, there's really no way to spin Live fees as anything other than anti-consumer.

I have turned my 360 on about 2-3 times after I bought my PS3 which was at least a year ago and since then it's gotten a fine layer of dust from disuse. In fact, I sold all but 2 or 3 of my Xbox games and am strongly considering selling them all plus the console itself. My PS3 sees use virtually every day. I admit to not being your typical American gamer, (I got bored of FPSes about 10 years ago) but IMO, the PS3 and its games are better in virtually every way, and having

buy game, play it. it just works. and tons of older and on sale games you can buy for cheap. and you can stream netflix on it and play DVD's. much better than buying a $300 to $400 graphics card that sounds like a jet engine and sucks up electricity. and doing it all over again in 2 years and having to buy a new computer as well because the slots are now different or something else changed.

My video card is quiet, cost me 110$ 3 years ago and play most games on high settings, including garbage console ports. I do have most consoles of this generation (both portable and not), and i like them better than PC for gaming, but for other reasons. This isn't 2002 anymore. You don't need a powerful PC to game, and upgrades are often unnecessary. (Heck, it looks like my Nintendo DS will have to be upgraded more frequently than my computer to get all the bells and whistles, between the DSi for the store and now the 3DS for newer games)

Have the PSN multiplayer code check for LV2 peek/poke syscall support, if it's found, they are using a JB dongle (or CFW modded for easier piracy) and backup manager to play (and are almost certainly pirates), so blacklist the PS3 from playing games multiplayer. This removes the people using a JB dongle.

Have the PSN multiplayer code check some hash value of the EBOOT and the FW, and compare to known values. If the FW hash doesn't match, the user is running a CFW such as geohot's that isn't specifically ma

OK, so now you're using a root kit that intercepts the peek/poke syscalls but only when Sony attempts to call them (normal user land software doesn't ever use these as they're not normally available, the mere fact that they function to a user land app indicates a compromised console altered specifically to make piracy as easy as possible), but not when any homebrew application does? Are you maintaining a whitelist of "valid" homebrew and pretending Sony can't impersonate it?

PS3 hackers have already decrypted game executables and modified them with custom values. Its not gonna be much harder for them to find these "internet key check" calls and jump over them. Given Sony' previous record though, they will probably do something stupid like implement this internet serial key checking function as a syscall which the hackers will just patch over to always return "the key is valid" leaving legitimate game owners the only ones who will have to deal with this crap.

I don't believe they'd ever do it. They can keep pushing firmware updates, blocking PSN accounts, detecting new modifications - just settle into the pattern like Microsoft have done! But to have to enter a long code for every PS3 game I buy? Is that before the long installation, followed by mandatory download and patch? Or after? And is that a one-time code meaning the same game can't be installed on a second PS3; would that be stomping on the used market at the same time? The PS3 is already the most

In any market, it is always advisable to be aware of what your competition is doing so that you can make sure you are offering a superior, or at least non-inferior, experience. Allowing your competition to stay leaps and bounds ahead of you in any market is a sure fire way to flush your business down the toilet! So who is your competition? Microsoft, and PIRACY. Yes, that's right, Piracy is a competitor, and don't you ever think otherwise. It's a competing distribution method that is cheaper and in some ways more convenient. Hope you have some great plans up your sleeve to prove that buying games is the most hassle free way to go; That buying games gets you a BETTER product!

Let's take a look at what the you and your competition are up to shall we... oh, it looks like none of you require a constant Internet connection to play games, so you're all on the same page there. Wait, what? You WANT to introduce that? Won't that put you in a WORSE position than your competitors on the level of convenience offered by your product? What if people have flaky Internet, or god forbid, NO Internet! Fuck them you say? Oh, well, okay. I'm going to have to deduct you a few points for that one.

Let's see... no one has CD key's either, so that's nice... wait, WHAT again!? You actually WANT to introduce these!? What if people lose their keys, or want to rent video games before buying? Fuck them you say? Welllll okay, it's YOUR business Sony. Of course, I'm going to have to deduct more points yet again...

You know Sony, you're not really selling me on why I want to buy from you here. What? Fuck me you say? You know, I'll remember that.

Even if Sony has the better of possible intentions with this, they'll immediately be faced with publishers seeking to take control of the online authentication in order to lock specific games to specific consoles and hence kill the resale market. This is also likely to be more of a problem for even those who always buy new and never sell, since any activation limit is more likely to cause problems when they take their game round to play at their friend's house.

They would have to say all used markets are 'wrong' to justify their whining about used games. Ford doesn't see money for a used Taurus being sold, a homebuilder sees no revenue from a used house sale, and so on for any random second hand thing on craigslist. Video games are not magically more entitled than any other industry.

Video games are different from cars and houses because they are copyrighted. So they don't have to say all used markets are "wrong", just that the Doctrine of First Sale is wrong. They would have had better luck in the past, when first sale wasn't actually law, just an unwritten guideline. But for a long time now it has been law. They've tried to get around it by saying "No see it says that the owner is allowed to resell, but we're the owner of the copyright, it doesn't actually refer to the owner of t

so how do you exactly play Dance Central without Kinect? press the buttons on the controller to move? the fun is moving your body and trying to learn the moves.

same with the music games. few weeks ago i found a $15 drum set on sale and bought rock band, guitar hero and some track packs. total cost around $50. how would i play the music games without the instrument add ons? the whole fun factor is to replicate the air guitar/drums that people play when listening to music

This happened to me with an EA game I bought cheap in a discount bin. Fortunately, EA was actually cool about it and after a few emails explaining the problem they gave me a replacement CD key. This surprised me a great deal because I have a low opinion of EA in general. Sometimes they will surprise you.

How does one "suffer" by having to enter in a keycode? It takes all of 5 seconds.

Ha-ha-ha-ha-ha... I don't remember which it was, but one game took me the best part of two days to install because the stupid sods used both B and 8 in the key (and similar easily-confused characters) and in the font they used they were almost identical. I must have entered a hundred different variations on the key until I found a post on the Internet explaining exactly how to work out which characters were which.

So yes, one has "suffered" from having to enter a stupid CD key to play a game that I've paid f

I had a hell of a time installing SpellForce because it was very difficult to tell the 0's and O's apart in the key. They only differed by a couple pixels on the corners so you had to squint at 'em to figure out which was which. Finally figured the damn thing out and put slashes through all the zeroes. Really, though, I wonder how no one catches shit like this before it gets out the door. Or maybe they just don't care. "We've already got their money, who cares if they can't read our poorly-printed serial nu

How does one "suffer" by having to enter in a keycode? It takes all of 5 seconds.

Right now console games are fairly portable. You can bring the disc over to a friend's house and play on their console. Or you can sell the game to somebody else. Or rent it somewhere. This is all possible because the DRM makes sure it's a legitimate disc - but not necessarily that it is unique.

If we're going to start doing keycodes on discs, they're going to become a hell of a lot less portable.

Once you've authenticated that keycode against your console, or your online account, or whatever you won't be

This move will NOT kill the platform but possible save it. I realize you probably don't own a PS3 or perhaps even game at all, but in case you haven't noticed, within the FIRST week of this hack being out, there has been all kinds of cheating now on COD. So much so that the developers of the game are now having to scramble to somehow fix it. The PSP is a platform that has a little over 50 million consoles out the door and yet can't sell a game for crap. Why? because

The PSP fails because most of the games SUCK. I own a PSP it sits idle. I know others that also own PSP's they sit idle as well.

The DS on the other hand get's played, heck my wife plays it a lot. yet the PSP1000 and the psp3000 I got for a deal both sit there unused because we cant find any games that I want to buy. THAT is why the PSP is dead, Sony releases only crap games.

AS for the PS3, they started the war, but the ps3 still was a distant 3rd in the consoles. I know more people that own a Xb

Damn good points. Also, think of this; Sony is spending millions of dollars on securing their system, rather than improving the gaming experience on it. They are trying to build a wall around a garden that is old, uninteresting, and now outgrowing the gardener's tiny constraints. Fuck 'em. Freedom of hardware is for the consumer and Sony would only like to piss on that very freedom. You buy the hardware, but Sony/Apple tells you what you can and can't do with it? That's not consumer friendly, that's b

In all fairness, the hardware being locked down is not just to thwart Joe Gamer from doing what he wants with his hardware. It's also to keep game companies from bypassing Sony and distributing their software without paying licensing fees. Sony doesn't make a lot of money off of each PS3 sale (and initially they lost money), so those fees for licenses and dev kits are an essential component of the console business model.

Console manufacturers don't get into that business to make money from console sales, the

The Xbox 360 controller is garbage for anything other than first/third-person shooters and certain other games. The d-pad might as well not exist, since it's so imprecise and useless for anything requiring digital directional input input. All the time, I hit "right" and end up going up/right, or down/right. It's useless for fighting games, it's useless for 2D platformers, and it's useless for emulating 8 and 16-bit consoles.

It would be cheaper to have unique press of disc per client with embedded serial in data than a hardware dongle. Hardware dongles are orders of magnitude more expensive than a disc. Even uniquely 'burned' discs are far too expensive for their tastes and they'd rather burden the user and keep mass-production pressing process in place.